Install the Venafi MMC Snap-In Collection

NOTE  This procedure provides instructions on installing the Venafi MMC Snap-In Collection. The snap-in collection can be installed on any Windows workstation, thereby allowing administrators to perform management tasks without having to be signed in to the Trust Protection Platform server.

In order to complete this procedure, you'll need the following information:

  • URL of the Trust Protection Platform SDK endpoint

    If the default engine settings are used, this is: https://[venafi-server]/vedsdk/

  • URL of the Trust Protection Platform authentication endpoint

    If the default engine settings are used, this is: https://[venafi-server]/vedauth/

  • Valid user credentials to the Trust Protection Platform server and access to use the snap-ins.

    While users may have access to view the snap-in, they must also have rights to see the data. For example, the Venafi Recycle Bin snap-in can be added by anybody, but the contents of the recycle bin can only be seen by a master administrator.

  • API access granted to the user.

    The snap-in collection utilizes Venafi's API, so to use the snap-ins, your user account needs API access. This is covered in the next section.

  • Authentication method information.

    You can log in using your Venafi user name and password, or you can use Windows Integrated Authentication (if itself has been configured to use Windows Authentication). Please review the following topics for information on configuring to use Windows Integrated Authentication:

The Snap-In Collection requires the following:

  • .NET 4.7.2
  • Windows 8.1 or later or Windows MS SQL 2016 SP2 or later

Grant access to the snap-ins

In order to use the MMC snap-ins, a master admin must grant access to them. The relevant Application Names for the snap-ins in the MMC snap-in collection are:

  • Venafi Code Signing Administration

  • Venafi Configuration Console

  • Venafi Event Viewer

  • Venafi Statistics Viewer

  • Venafi Recycle Bin

  • Venafi Access Management

  • Venafi Message Bus

  • Venafi Tools

To use the any of the MMC snap-ins, users must be given access by an administrator. To grant access, use the Integrations page in the Platform product.

  1. Sign in to the Venafi Platform product, and click API > Integrations in the menu bar.

    TIP  Use the filter to search for MMC to see all the snap-ins.

  2. Click the name of the snap-in you're granting access to.
  3. Click User or team access.
  4. In the User or team box, enter the name of the user or team you want to grant access to.
  5. Click Add.
  6. Click Save.

Once users have access, they can install and configure the snap-in.

After access is granted to use the snap-ins, return to this topic and follow the steps below to load them in the MMC.

Download and install the Venafi MMC Snap-In Collection

  1. Download the VenafiMmc-24.3.0.msi installation file. See download.venafi.com.
  2. Run the installation file. The Venafi MMC Snap-In Collection Setup wizard opens. Click Next.
  3. Accept the end-user license agreement and click Next.
  4. Select the location where you want the Venafi MMC snap-in installed. Click Next.
  5. Click Install. The installation takes place. Click Finish.

Add the Snap-Ins to the MMC

DID YOU KNOW?  You can have snap-ins for multiple servers, allowing you to easily manage a complete cluster of Venafi servers, as well as servers in lower (development, test, etc.) environments.

Additionally, since identities cannot see identities from other identity providers (local admins cannot see identities managed by Active Directory, for example), you can add multiple instances of the same snap-in for the same Venafi server, but with different user credentials. This allows you to manage users from multiple identity providers, or even see the rights and permissions granted to users within the same identity provider, but with different roles.

  1. On the Windows computer where you want to run the snap-in, open the MMC console.

    You can do this by pressing Windows+R and typing mmc in the Open box. Click OK, and then click Yes in the User Account Control window.

  2. Click File > Add/Remove Snap-In.

  3. From the Available snap-ins list, locate the Venafi snap-ins. They all start with the word Venafi. For each snap-in that you want to add, follow the instructions below:

    You must have a valid access grant to use the Venafi CodeSign Protect Administration snap-in prior to completing these steps. See Grant access to the snap-ins.

    Select the Venafi CodeSign Protect Administration snap-in, and then click Add.

    In the Venafi Selection dialog, enter the following:

    • Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    • Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    • Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

      Correct format is https://[server URL]/vedauth/.

    • Method: Select the method of authentication.

      • Select Credentials if you want to log in with the user name and password you use to access  Venafi Platform.

      • Select Integrated Authentication if you want to use Windows Authentication.

    • Username and Password: If you are using the Credential method, enter the user name and password you use to access Venafi Platform. If you are using the Integrated Authentication method, these fields are disabled.

    Click OK.The snap-in is added to the Selected snap-ins list.

    You must have a valid access grant to use the Venafi Event Viewer snap-in prior to completing these steps. See Grant access to the snap-ins.

    Select the Venafi Event Viewer snap-in, and then click Add.

    In the Venafi Selection dialog, enter the following:

    • Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    • Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    • Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

      Correct format is https://[server URL]/vedauth/.

    • Method: Select the method of authentication.

      • Select Credentials if you want to log in with the user name and password you use to access  Venafi Platform.

      • Select Integrated Authentication if you want to use Windows Authentication.

    • Username and Password: If you are using the Credential method, enter the user name and password you use to access Venafi Platform. If you are using the Integrated Authentication method, these fields are disabled.

    Click Connect. After connecting, you will see Channel and Result Limit.

    The Channel drop-down shows all configured SQL channels that log event data. Select the one you would like to view data from.

    The Result Limit drop-down is the default limit that will be used for any retrieved records, if a custom view does not specify a limit. For example, if you select 50,000 and a query has more than 50,000 results, only the 50,000 newest events will be returned and displayed.

    Click OK.The snap-in is added to the Selected snap-ins list.

    You must have a valid access grant to use the Venafi Statistics Viewer snap-in prior to completing these steps. See Grant access to the snap-ins.

    Select the Venafi Statistics Viewer snap-in, and then click Add.

    In the Venafi Selection dialog, enter the following:

    • Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    • Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    • Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

      Correct format is https://[server URL]/vedauth/.

    • Method: Select the method of authentication.

      • Select Credentials if you want to log in with the user name and password you use to access  Venafi Platform.

      • Select Integrated Authentication if you want to use Windows Authentication.

    • Username and Password: If you are using the Credential method, enter the user name and password you use to access Venafi Platform. If you are using the Integrated Authentication method, these fields are disabled.

    Click OK.The snap-in is added to the Selected snap-ins list.

    You must have a valid access grant to use the Venafi Configuration Console snap-in prior to completing these steps. See Grant access to the snap-ins.

    Select the Venafi Configuration Console snap-in, and then click Add.

    Please note that users must have the Master Admin role to see the contents of the Venafi Configuration Console snap-in.

    In the Venafi Selection dialog, enter the following:

    • Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    • Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    • Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

      Correct format is https://[server URL]/vedauth/.

    • Method: Select the method of authentication.

      • Select Credentials if you want to log in with the user name and password you use to access  Venafi Platform.

      • Select Integrated Authentication if you want to use Windows Authentication.

    • Username and Password: If you are using the Credential method, enter the user name and password you use to access Venafi Platform. If you are using the Integrated Authentication method, these fields are disabled.

    Remember, you will only see content in this node if you have the Master Admin role.

    Click OK.The Venafi Configuration Console snap-in is added to the Selected snap-ins list.

    You must have a valid access grant to use the Venafi Recycle Bin snap-in prior to completing these steps. See Grant access to the snap-ins.

    Select the Venafi Recycle Bin snap-in, and then click Add.

    Please note that users must have the Master Admin role or the Recycle Bin Admin role to see the contents of the Recycle Bin snap-in.

    In the Venafi Selection dialog, enter the following:

    • Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    • Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    • Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

      Correct format is https://[server URL]/vedauth/.

    • Method: Select the method of authentication.

      • Select Credentials if you want to log in with the user name and password you use to access  Venafi Platform.

      • Select Integrated Authentication if you want to use Windows Authentication.

    • Username and Password: If you are using the Credential method, enter the user name and password you use to access Venafi Platform. If you are using the Integrated Authentication method, these fields are disabled.

    Remember, you will only see content in this node if you have the Master Admin role or the Recycle Bin Admin role.

    Click OK.The Venafi Recycle Bin snap-in is added to the Selected snap-ins list.

    You must have a valid access grant to use the Venafi Access Management snap-in prior to completing these steps. See Grant access to the snap-ins.

    Select the Venafi Access Management snap-in, and then click Add.

    Please note that users must have the Master Admin role to see the contents of the Venafi Access Management snap-in.

    In the Venafi Selection dialog, enter the following:

    • Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    • Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    • Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

      Correct format is https://[server URL]/vedauth/.

    • Method: Select the method of authentication.

      • Select Credentials if you want to log in with the user name and password you use to access  Venafi Platform.

      • Select Integrated Authentication if you want to use Windows Authentication.

    • Username and Password: If you are using the Credential method, enter the user name and password you use to access Venafi Platform. If you are using the Integrated Authentication method, these fields are disabled.

    Remember, you will only see content in this node if you have the Master Admin role.

    Click OK.The Venafi Access Management snap-in is added to the Selected snap-ins list.

    You must have a valid access grant to use the Venafi Bus Management snap-in prior to completing these steps. See Grant access to the snap-ins.

    Select the Venafi Bus Management snap-in, and then click Add.

    Please note that users must have the Master Admin role or the Recycle Bin Admin role to see the contents of the Recycle Bin snap-in.

    In the Venafi Selection dialog, enter the following:

    • Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    • Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    • Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

      Correct format is https://[server URL]/vedauth/.

    • Method: Select the method of authentication.

      • Select Credentials if you want to log in with the user name and password you use to access  Venafi Platform.

      • Select Integrated Authentication if you want to use Windows Authentication.

    • Username and Password: If you are using the Credential method, enter the user name and password you use to access Venafi Platform. If you are using the Integrated Authentication method, these fields are disabled.

    Remember, you will only see content in this node if you have the Master Admin role or the Recycle Bin Admin role.

    Click OK.The Message Bus snap-in is added to the Selected snap-ins list.

    You must have a valid access grant to use the Venafi Tools snap-in prior to completing these steps. See Grant access to the snap-ins.

    Select the Venafi Tools snap-in, and then click Add.

    Please note that users must have the Master Admin role to see the contents of the Venafi Tools snap-in.

    In the Venafi Selection dialog, enter the following:

    • Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    • Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    • Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

      Correct format is https://[server URL]/vedauth/.

    • Method: Select the method of authentication.

      • Select Credentials if you want to log in with the user name and password you use to access  Venafi Platform.

      • Select Integrated Authentication if you want to use Windows Authentication.

    • Username and Password: If you are using the Credential method, enter the user name and password you use to access Venafi Platform. If you are using the Integrated Authentication method, these fields are disabled.

    Remember, you will only see content in this node if you have the Master Admin role.

    Click OK.The Venafi Tools snap-in is added to the Selected snap-ins list.

  4. Click OK.

Saving the Snap-In view

Once the snap-in is loaded, you can save your view for quicker access in the future. In the MMC, click File > Save. Choose a name and location for your .msc file, and click Save. Double-clicking the .msc file opens the MMC with the snap-in already loaded.